<?php
	// Check crossing acess
	if (!defined('RIGHT_ACCESS') || !defined('ROOT_FOLDER'))
	{
		header('Content-Type: text/xml; charset=utf-8');
		echo '<?xml version="1.0"?>';
		echo '<atomtask>';
		echo '<request>error.request.invalid</request>';
		echo '</atomtask>';
		return;
	}	

	// Include functions
	include_once(ROOT_FOLDER.'includes/auth_func.php');
	// Check access permission
	if (!isset($_POST['user_id']) || !isset($_POST['token']))
	{
		XML::write_element('auth', 'error.user_auth.access_denied');
		return;
	}
	// Binding data
	$user_id = trim(Text::standardize($_POST['user_id']));
	$token = trim(Text::standardize($_POST['token']));
	// Getting user token data
	$auth = new Authorize($user_id, $token);

	// Expired -> renew
	$valid_auth = false;
	if ($auth->token_status == 'expired')
	{
		if ($auth->renew_token())
		{
			XML::write_element('auth', 'error.user_auth.token_expired');
			XML::write_element('token', $auth->token);
			$valid_auth = true;
		}
		else
			XML::write_element('auth', 'error.request.unknown');
	}
	else
	{
		if ($auth->token_status == 'valid')
		{
			XML::write_element('auth', 'success.user_auth');
			$valid_auth = true;
		}
	}
	if (!$valid_auth)
	{
		XML::write_element('auth', 'error.user_auth.access_denied');
		return;
	}
?>